Beginners Guide – Securing Legacy Devices

All hospitals and medical facilities have devices that store patient data. On August 21, 1996, the Healthcare Insurance Portability and Accountability Act (HIPAAwas signed into law, and by that time, millions of devices were installed and active. It was not until twenty years after HIPPA came to be that manufacturers began to address data vulnerabilities in their medical devices. The average life cycle of a medical device is 15 years, which means there are devices that were produced in 2005 that are being used in a medical facility as you read this article.

As a benchmark, the first iPhone came out in 2007. 

Securing aging, yet still, very active medical devices, which are likely beyond the manufacturer warranty and compliance requirements is essential in avoiding hefty fines or worse, a data breach. 

Securing data becomes a puzzle for IT staff because multiple devices are running on different versions of Microsoft Windows, there are multiple places where the data lives, and there is no help from the manufacturer once the warranty expires. The most crucial puzzle piece is having the device still work once the data is secure.

The solution? Secure the data files transparently, while it is at rest, so the device is unaware that anything has happened.

Using a FIPS 140-2 compliant algorithm with a passphrase created, by you, the owner of the data, allows the data to be encrypted while resting.

Your data is now encrypted, secure and the device can go back into service at the organization meeting your compliance needs.

This data is now secure by you, and can only be unsecured by you, which moves you one step closer to compliance.

Now that the data is secure and meets your compliance requirements you must be sure the device can read the data, too.  

Just like adding a lock to your front door, you will need the key to make it open. The application on the device will need to know the algorithm and the passphrase that you used earlier as the key, to open the data. 

Netlib has your devices covered try it out today.

Medical Device Encryption & Security

Encryptionizer for Distributed Applications and Devices